System and method for providing complex data encryption

ABSTRACT

Various systems, methods, and computer program products are provided for complex data encryption. The method includes receiving a user input code from a computing device associated with a user. The user input code is one or more plaintext characters. The method also includes generating a first encrypted value using a first encryption algorithm based on the user input code. The method further includes decrypting the first encrypted value using one or more additional encryption algorithms. The one or more synthetic user input codes are generated by the decryption of the first encrypted value using each of the one or more additional encryption algorithms. The method still further includes determining a first encryption vulnerability score based on the value of the one or more synthetic user input codes. The method also includes causing a transmission of a user input code notification based on the first encryption vulnerability score.

TECHNOLOGICAL FIELD

An example embodiment relates generally to data encryption, and moreparticularly, to automated processing for providing complex dataencryption.

BACKGROUND

Current encryption methods are often susceptible to cryptanalysistechniques, such as frequency analysis, n-tuple analysis, dictionaryattacks, and/or brute force hacking. These known cryptanalysistechniques can be used to determine potential decrypted values.Therefore, it is necessary to improve the encryption processes toimprove security. There exists a need for a system that makes decryptingdata more difficult to improve network security.

BRIEF SUMMARY

The following presents a summary of certain embodiments of thedisclosure. This summary is not intended to identify key or criticalelements of all embodiments nor delineate the scope of any or allembodiments. Its sole purpose is to present certain concepts andelements of one or more embodiments in a summary form as a prelude tothe more detailed description that follows.

In an example embodiment, a system for providing complex data encryptionis provided. The system includes at least one non-transitory storagedevice and at least one processing device coupled to the at least onenon-transitory storage device. The at least one processing device isconfigured to receive a user input code from a computing deviceassociated with a user. The user input code is one or more plaintextcharacters. The at least one processing device is also configured togenerate a first encrypted value using a first encryption algorithmbased on the user input code. The at least one processing device isfurther configured to decrypt the first encrypted value using one ormore additional encryption algorithms. One or more synthetic user inputcodes are generated by the decryption of the first encrypted value usingeach of the one or more additional encryption algorithms. The at leastone processing device is still further configured to determine a firstencryption vulnerability score based on the value of the one or moresynthetic user input codes. The first encryption vulnerability score isbased on one or more similarities between the user input code and theone or more synthetic user input codes. The at least one processingdevice is also configured to cause a transmission of a user input codenotification based on the first encryption vulnerability score.

In some embodiments, the user input code notification is at least one ofthe user input code or the first encryption algorithm in an instance inwhich the first encryption vulnerability score is above a thresholdvulnerability level. In some embodiments, in an instance in which thefirst encryption vulnerability score is below a threshold vulnerabilitylevel, the at least one processing device is configured to determine asecond encryption algorithm to generate a second encrypted value basedon the user input code.

In some embodiments, the at least one processing device is configured togenerate a second encrypted value using a second encryption algorithmbased on the user input code; decrypt the second encrypted value usingthe one or more additional encryption algorithms with one or moresecondary synthetic user input codes being generated by the decryptionof the second encrypted value using each of the one or more additionalencryption algorithm; and determine a second encryption vulnerabilityscore based on the one or more secondary synthetic user input codes.

In some embodiments, the at least one processing device is configured togenerate the user input code notification based on the second encryptionalgorithm in an instance in which the second encryption vulnerabilityscore is above a threshold vulnerability score. In some embodiments, thesecond encrypted value generated using a second encryption algorithmbased on the user input code is generated in an instance in which thefirst encryption vulnerability score is below a threshold vulnerabilityscore.

In some embodiments, the at least one processing device is configured tocompare the first encryption vulnerability score and the secondencryption vulnerability score; and select a primary encryptionalgorithm between the first encryption algorithm and the secondalgorithm based on the comparison of the first encryption vulnerabilityscore and the second encryption vulnerability score. In such anembodiment, the user input code notification is based on the primaryencryption algorithm.

In another example embodiment, a computer program product for providingcomplex data encryption is provided. The computer program productinclude at least one non-transitory computer-readable medium havingcomputer-readable program code portions embodied therein. Thecomputer-readable program code portions include an executable portionconfigured to receive a user input code from a computing deviceassociated with a user. The user input code is one or more plaintextcharacters. The computer-readable program code portions also include anexecutable portion configured to generate a first encrypted value usinga first encryption algorithm based on the user input code. Thecomputer-readable program code portions further include an executableportion configured to decrypt the first encrypted value using one ormore additional encryption algorithms. The one or more synthetic userinput codes are generated by the decryption of the first encrypted valueusing each of the one or more additional encryption algorithms. Thecomputer-readable program code portions still further include anexecutable portion configured to determine a first encryptionvulnerability score based on the value of the one or more synthetic userinput codes. The first encryption vulnerability score is based on one ormore similarities between the user input code and the one or moresynthetic user input codes. The computer-readable program code portionsalso include an executable portion configured to cause a transmission ofa user input code notification based on the first encryptionvulnerability score.

In some embodiments, the user input code notification is at least one ofthe user input code or the first encryption algorithm in an instance inwhich the first encryption vulnerability score is above a thresholdvulnerability level. In some embodiments, in an instance in which thefirst encryption vulnerability score is below a threshold vulnerabilitylevel, the computer-readable program code portions also include anexecutable portion configured to determine a second encryption algorithmto generate a second encrypted value based on the user input code.

In some embodiments, the computer-readable program code portions alsoinclude an executable portion configured to generate a second encryptedvalue using a second encryption algorithm based on the user input code;decrypt the second encrypted value using the one or more additionalencryption algorithms with one or more secondary synthetic user inputcodes being generated by the decryption of the second encrypted valueusing each of the one or more additional encryption algorithm; anddetermine a second encryption vulnerability score based on the one ormore secondary synthetic user input codes.

In some embodiments, the computer-readable program code portions alsoinclude an executable portion configured to generate the user input codenotification based on the second encryption algorithm in an instance inwhich the second encryption vulnerability score is above a thresholdvulnerability score. In some embodiments, the second encrypted valuegenerated using a second encryption algorithm based on the user inputcode is generated in an instance in which the first encryptionvulnerability score is below a threshold vulnerability score.

In some embodiments, the computer-readable program code portions alsoinclude an executable portion configured to compare the first encryptionvulnerability score and the second encryption vulnerability score and,select a primary encryption algorithm between the first encryptionalgorithm and the second algorithm based on the comparison of the firstencryption vulnerability score and the second encryption vulnerabilityscore. In such an embodiment, the user input code notification is basedon the primary encryption algorithm.

In still another example embodiment, a computer-implemented method forproviding complex data encryption is provided. The method includesreceiving a user input code from a computing device associated with auser. The user input code is one or more plaintext characters. Themethod also includes generating a first encrypted value using a firstencryption algorithm based on the user input code. The method furtherincludes decrypting the first encrypted value using one or moreadditional encryption algorithms. One or more synthetic user input codesare generated by the decryption of the first encrypted value using eachof the one or more additional encryption algorithms. The method stillfurther includes determining a first encryption vulnerability scorebased on the value of the one or more synthetic user input codes. Thefirst encryption vulnerability score is based on one or moresimilarities between the user input code and the one or more syntheticuser input codes. The method also includes causing a transmission of auser input code notification based on the first encryption vulnerabilityscore.

In some embodiments, the user input code notification is at least one ofthe user input code or the first encryption algorithm in an instance inwhich the first encryption vulnerability score is above a thresholdvulnerability level. In such an embodiment, in an instance in which thefirst encryption vulnerability score is below a threshold vulnerabilitylevel, the method further includes determining a second encryptionalgorithm to generate a second encrypted value based on the user inputcode.

In some embodiments, the method also includes generating a secondencrypted value using a second encryption algorithm based on the userinput code; decrypting the second encrypted value using the one or moreadditional encryption algorithms, with one or more secondary syntheticuser input codes being generated by the decryption of the secondencrypted value using each of the one or more additional encryptionalgorithm; and determining a second encryption vulnerability score basedon the one or more secondary synthetic user input codes.

In some embodiments, the method also includes generating the user inputcode notification based on the second encryption algorithm in aninstance in which the second encryption vulnerability score is above athreshold vulnerability score. In some embodiments, the second encryptedvalue generated using a second encryption algorithm based on the userinput code is generated in an instance in which the first encryptionvulnerability score is below a threshold vulnerability score.

In some embodiments, the method also includes comparing the firstencryption vulnerability score and the second encryption vulnerabilityscore and selecting a primary encryption algorithm between the firstencryption algorithm and the second algorithm based on the comparison ofthe first encryption vulnerability score and the second encryptionvulnerability score. In such an embodiment, the user input codenotification is based on the primary encryption algorithm.

Embodiments of the present disclosure address the above needs and/orachieve other advantages by providing apparatuses (e.g., a system,computer program product and/or other devices) and methods for providingcomplex data encryption. The system embodiments may comprise one or morememory devices having computer readable program code stored thereon, acommunication device, and one or more processing devices operativelycoupled to the one or more memory devices, wherein the one or moreprocessing devices are configured to execute the computer readableprogram code to carry out said embodiments. In computer program productembodiments of the disclosure, the computer program product comprises atleast one non-transitory computer readable medium comprising computerreadable instructions for carrying out said embodiments. Computerimplemented method embodiments of the disclosure may comprise providinga computing system comprising a computer processing device and anon-transitory computer readable medium, where the computer readablemedium comprises configured computer program instruction code, such thatwhen said instruction code is operated by said computer processingdevice, said computer processing device performs certain operations tocarry out said embodiments.

BRIEF DESCRIPTION OF THE DRAWINGS

Having thus described embodiments of the disclosure in general terms,reference will now be made the accompanying drawings, wherein:

FIG. 1 provides a block diagram illustrating a system environment forproviding complex data encryption, in accordance with embodiments of thepresent disclosure;

FIG. 2 provides a block diagram illustrating the entity system 200 ofFIG. 1 , in accordance with embodiments of the present disclosure;

FIG. 3 provides a block diagram illustrating an encryption determinationengine device 300 of FIG. 1 , in accordance with embodiments of thepresent disclosure;

FIG. 4 provides a block diagram illustrating the computing device system400 of FIG. 1 , in accordance with embodiments of the presentdisclosure;

FIG. 5 illustrates a flow chart of the method of providing complex dataencryption in accordance with an embodiment of the present disclosure.

DETAILED DESCRIPTION

Embodiments of the present disclosure will now be described more fullyhereinafter with reference to the accompanying drawings, in which some,but not all, embodiments of the present disclosure are shown. Indeed,the present disclosure may be embodied in many different forms andshould not be construed as limited to the embodiments set forth herein;rather, these embodiments are provided so that this disclosure willsatisfy applicable legal requirements. Where possible, any termsexpressed in the singular form herein are meant to also include theplural form and vice versa, unless explicitly stated otherwise. Also, asused herein, the term “a” and/or “an” shall mean “one or more,” eventhough the phrase “one or more” is also used herein. Furthermore, whenit is said herein that something is “based on” something else, it may bebased on one or more other things as well. In other words, unlessexpressly indicated otherwise, as used herein “based on” means “based atleast in part on” or “based at least partially on.” Like numbers referto like elements throughout.

As described herein, the term “entity” may be any organization thatutilizes one or more entity resources, including, but not limited to,one or more entity systems, one or more entity databases, one or moreapplications, one or more servers, or the like to perform one or moreorganization activities associated with the entity. In some embodiments,an entity may be any organization that develops, maintains, utilizes,and/or controls one or more applications and/or databases. Applicationsas described herein may be any software applications configured toperform one or more operations of the entity. Databases as describedherein may be any datastores that store data associated withorganizational activities associated with the entity. In someembodiments, the entity may be a financial institution which may includeherein may include any financial institutions such as commercial banks,thrifts, federal and state savings banks, savings and loan associations,credit unions, investment companies, insurance companies and the like.In some embodiments, the financial institution may allow a customer toestablish an account with the financial institution. In someembodiments, the entity may be a non-financial institution.

Many of the example embodiments and implementations described hereincontemplate interactions engaged in by a user with a computing deviceand/or one or more communication devices and/or secondary communicationdevices. A “user”, as referenced herein, may refer to an entity orindividual that has the ability and/or authorization to access and useone or more applications provided by the entity and/or the system of thepresent disclosure. Furthermore, as used herein, the term “usercomputing device” or “mobile device” may refer to mobile phones,computing devices, tablet computers, wearable devices, smart devicesand/or any portable electronic device capable of receiving and/orstoring data therein.

A “user interface” is any device or software that allows a user to inputinformation, such as commands or data, into a device, or that allows thedevice to output information to the user. For example, the userinterface includes a graphical user interface (GUI) or an interface toinput computer-executable instructions that direct a processing deviceto carry out specific functions. The user interface typically employscertain input and output devices to input data received from a user orto output data to a user. These input and output devices may include adisplay, mouse, keyboard, button, touchpad, touch screen, microphone,speaker, LED, light, joystick, switch, buzzer, bell, and/or other userinput/output device for communicating with one or more users.

As used herein, “machine learning algorithms” may refer to programs(math and logic) that are configured to self-adjust and perform betteras they are exposed to more data. To this extent, machine learningalgorithms are capable of adjusting their own parameters, given feedbackon previous performance in making prediction about a dataset. Machinelearning algorithms contemplated, described, and/or used herein includesupervised learning (e.g., using logistic regression, using backpropagation neural networks, using random forests, decision trees,etc.), unsupervised learning (e.g., using an Apriori algorithm, usingK-means clustering), semi-supervised learning, reinforcement learning(e.g., using a Q-learning algorithm, using temporal differencelearning), and/or any other suitable machine learning model type. Eachof these types of machine learning algorithms can implement any of oneor more of a regression algorithm (e.g., ordinary least squares,logistic regression, stepwise regression, multivariate adaptiveregression splines, locally estimated scatterplot smoothing, etc.), aninstance-based method (e.g., k-nearest neighbor, learning vectorquantization, self-organizing map, etc.), a regularization method (e.g.,ridge regression, least absolute shrinkage and selection operator,elastic net, etc.), a decision tree learning method (e.g.,classification and regression tree, iterative dichotomiser 3, C4.5,chi-squared automatic interaction detection, decision stump, randomforest, multivariate adaptive regression splines, gradient boostingmachines, etc.), a Bayesian method (e.g., naïve Bayes, averagedone-dependence estimators, Bayesian belief network, etc.), a kernelmethod (e.g., a support vector machine, a radial basis function, etc.),a clustering method (e.g., k-means clustering, expectation maximization,etc.), an associated rule learning algorithm (e.g., an Apriorialgorithm, an Eclat algorithm, etc.), an artificial neural network model(e.g., a Perceptron method, a back-propagation method, a Hopfieldnetwork method, a self-organizing map method, a learning vectorquantization method, etc.), a deep learning algorithm (e.g., arestricted Boltzmann machine, a deep belief network method, aconvolution network method, a stacked auto-encoder method, etc.), adimensionality reduction method (e.g., principal component analysis,partial least squares regression, Sammon mapping, multidimensionalscaling, projection pursuit, etc.), an ensemble method (e.g., boosting,bootstrapped aggregation, AdaBoost, stacked generalization, gradientboosting machine method, random forest method, etc.), and/or anysuitable form of machine learning algorithm.

As used herein, “machine learning model” may refer to a mathematicalmodel generated by machine learning algorithms based on sample data,known as training data, to make predictions or decisions without beingexplicitly programmed to do so. The machine learning model representswhat was learned by the machine learning algorithm and represents therules, numbers, and any other algorithm-specific data structuresrequired to for classification.

Current encryption schemes are susceptible to numerous cryptanalysistechniques including frequency analysis, n-tuple analysis, dictionaryattacks, and brute force hacking. While the decryption can be completedusing various techniques, it is not possible to determine that thedecrypted value is correct. Therefore, potential hackers may performmultiple cryptanalysis techniques until the decrypted value meets agiven criteria (e.g., the decrypted value is a potential password thatfits the password requirements for the given application).

Various embodiments of the present disclosure provide a system andmethod for providing complex data encryption. The system receives a userinput code from a user. The user input code is composed of plain textcharacters, such as a password. The system encrypts the user input codeusing a first encryption algorithm and then attempts to decrypt theencrypted value using various other encryption algorithms. The systemdetermines the vulnerability of the user input based on similaritiesbetween the decrypted values from the various other encryptionalgorithms and one or more expected user input codes. The system mayrepeat the operations with one or more additional encryption algorithmsuntil the encryption vulnerability score is above a given vulnerabilitythreshold value.

An encryption function includes a user input code (e.g., as plaintext)and an encryption algorithm that encrypts the user input code. Anexample encryption algorithm includes a secret key and one or moreseries of mathematical functions performed on the user input code andthe secret key to generate the encrypted value. The decryption functionincludes the encrypted value and the encryption algorithm that decryptsthe encrypted value. An example decryption includes apply one or moreseries of mathematical functions performed on the encrypted value andthe secret key to generate the decrypted value (e.g., the user inputcode).

FIG. 1 provides a block diagram illustrating a system environment 100for providing complex data encryption. As illustrated in FIG. 1 , thesystem environment 100 includes an encryption determination enginedevice 300, an entity system 200, and a computing device system 400. Oneor more users 110 may be included in the system environment 100, wherethe users 110 interact with the other entities of the system environment100 via a user interface of the computing device system 400. In someembodiments, the one or more user(s) 110 of the system environment 100may be employees (e.g., application developers, database administrators,application owners, application end users, business analysts, financeagents, or the like) of an entity associated with the entity system 200.

The entity system(s) 200 may be any system owned or otherwise controlledby an entity to support or perform one or more process steps describedherein. In some embodiments, the entity is a financial institution. Insome embodiments, the entity may be a non-financial institution. In someembodiments, the entity may be any organization that utilizes one ormore entity resources to perform one or more organizational activities.

The encryption determination engine device 300 is a system of thepresent disclosure for performing one or more process steps describedherein. In some embodiments, the encryption determination engine device300 may be an independent system. In some embodiments, the encryptiondetermination engine device 300 may be a part of the entity system 200.For example, the methods discussed herein may be carried out by theentity system 200, the encryption determination engine device 300, thecomputing device system 400, and/or a combination thereof.

The encryption determination engine device 300, the entity system 200,and/or the computing device system 400 may be in network communicationacross the system environment 100 through the network 150. The network150 may include a local area network (LAN), a wide area network (WAN),and/or a global area network (GAN). The network 150 may provide forwireline, wireless, or a combination of wireline and wirelesscommunication between devices in the network. In one embodiment, thenetwork 150 includes the Internet. In general, the encryptiondetermination engine device 300 is configured to communicate informationor instructions with the entity system 200, and/or the computing devicesystem 400across the network 150. While the entity system 200, theencryption determination engine device 300, the computing device system400, and server device(s) are illustrated as separate componentscommunicating via network 150, one or more of the components discussedhere may be carried out via the same system (e.g., a single system mayinclude the entity system 200 and the encryption determination enginedevice 300).

The computing device system 400 may be a system owned or controlled bythe entity of the entity system 200 and/or the user 110. As such, thecomputing device system 400 may be a computing device of the user 110.In general, the computing device system 400 communicates with the user110 via a user interface of the computing device system 400, and in turnis configured to communicate information or instructions with theencryption determination engine device 300, and/or entity system 200across the network 150.

FIG. 2 provides a block diagram illustrating the entity system 200, ingreater detail, in accordance with embodiments of the disclosure. Asillustrated in FIG. 2 , in one embodiment, the entity system 200includes one or more processing devices 220 operatively coupled to anetwork communication interface 210 and a memory device 230. In certainembodiments, the entity system 200 is operated by a first entity, suchas a financial institution. In some embodiments, the entity system 200may be a multi-tenant cluster storage system.

It should be understood that the memory device 230 may include one ormore databases or other data structures/repositories. The memory device230 also includes computer-executable program code that instructs theprocessing device 220 to operate the network communication interface 210to perform certain communication functions of the entity system 200described herein. For example, in one embodiment of the entity system200, the memory device 230 includes, but is not limited to, anencryption determination engine application 250, one or more entityapplications 270, and a data repository 280 comprising data accessed,retrieved, and/or computed by the entity system 200. The one or moreentity applications 270 may be any applications developed, supported,maintained, utilized, and/or controlled by the entity. Thecomputer-executable program code of the network server application 240,the encryption determination engine application 250, the one or moreentity application 270 to perform certain logic, data-extraction, anddata-storing functions of the entity system 200 described herein, aswell as communication functions of the entity system 200.

The network server application 240, the encryption determination engineapplication 250, and the one or more entity applications 270 areconfigured to store data in the data repository 280 or to use the datastored in the data repository 280 when communicating through the networkcommunication interface 210 with the encryption determination enginedevice 300, and/or the computing device system 400 to perform one ormore process steps described herein. In some embodiments, the entitysystem 200 may receive instructions from the encryption determinationengine device 300 via the encryption determination engine application250 to perform certain operations. The encryption determination engineapplication 250 may be provided by the encryption determination enginedevice 300. The one or more entity applications 270 may be any of theapplications used, created, modified, facilitated, and/or managed by theentity system 200. The encryption determination engine application 250may be in communication with the encryption determination engine device300. In some embodiments, portions of the methods discussed herein maybe carried out by the entity system 200.

FIG. 3 provides a block diagram illustrating the encryptiondetermination engine device 300 in greater detail, in accordance withvarious embodiments.). As illustrated in FIG. 3 , in one embodiment, theencryption determination engine device 300 includes one or moreprocessing devices 320 operatively coupled to a network communicationinterface 310 and a memory device 330. In certain embodiments, theencryption determination engine device 300 is operated by an entity,such as a financial institution. In some embodiments, the encryptiondetermination engine device 300 is owned or operated by the entity ofthe entity system 200. In some embodiments, the encryption determinationengine device 300 may be an independent system. In alternateembodiments, the encryption determination engine device 300 may be apart of the entity system 200.

It should be understood that the memory device 330 may include one ormore databases or other data structures/repositories. The memory device330 also includes computer-executable program code that instructs theprocessing device 320 to operate the network communication interface 310to perform certain communication functions of the encryptiondetermination engine device 300 described herein. For example, in oneembodiment of the encryption determination engine device 300, the memorydevice 330 includes, but is not limited to, a network provisioningapplication 340, a data gathering application 350, an artificialintelligence engine 370, an encryption determination engine executor380, and a data repository 390 comprising any data processed or accessedby one or more applications in the memory device 330. Thecomputer-executable program code of the network provisioning application340, the data gathering application 350, the artificial intelligenceengine 370, and the encryption determination engine executor 380 mayinstruct the processing device 320 to perform certain logic,data-processing, and data-storing functions of the encryptiondetermination engine device 300 described herein, as well ascommunication functions of the encryption determination engine device300.

The network provisioning application 340, the data gathering application350, the artificial intelligence engine 370, and the encryptiondetermination engine executor 380 are configured to invoke or use thedata in the data repository 390 when communicating through the networkcommunication interface 310 with the entity system 200, and/or thecomputing device system 400. In some embodiments, the networkprovisioning application 340, the data gathering application 350, theartificial intelligence engine 370, and the encryption determinationengine executor 380 may store the data extracted or received from theentity system 200, and the computing device system 400 in the datarepository 390. In some embodiments, the network provisioningapplication 340, the data gathering application 350, the artificialintelligence engine 370, and the encryption determination engineexecutor 380 may be a part of a single application.

FIG. 4 provides a block diagram illustrating a computing device system400 of FIG. 1 in more detail, in accordance with various embodiments.However, it should be understood that a mobile telephone is merelyillustrative of one type of computing device system 400 that may benefitfrom, employ, or otherwise be involved with embodiments of the presentdisclosure and, therefore, should not be taken to limit the scope ofembodiments of the present disclosure. Other types of computing devicesmay include portable digital assistants (PDAs), pagers, mobiletelevisions, electronic media devices, desktop computers, workstations,laptop computers, cameras, video recorders, audio/video player, radio,GPS devices, wearable devices, Internet-of-things devices, augmentedreality devices, virtual reality devices, automated teller machine (ATM)devices, electronic kiosk devices, or any combination of theaforementioned. The computing device system 400 of various embodimentsmay be capable of rendering an API configuration.

Some embodiments of the computing device system 400 include a processor410 communicably coupled to such devices as a memory 420, user outputdevices 436, user input devices 440, a network interface 460, a powersource 415, a clock or other timer 450, a camera 480, and a positioningsystem device 475. The processor 410, and other processors describedherein, generally include circuitry for implementing communicationand/or logic functions of the computing device system 400. For example,the processor 410 may include a digital signal processor device, amicroprocessor device, and various analog to digital converters, digitalto analog converters, and/or other support circuits. Control and signalprocessing functions of the computing device system 400 are allocatedbetween these devices according to their respective capabilities. Theprocessor 410 thus may also include the functionality to encode andinterleave messages and data prior to modulation and transmission. Theprocessor 410 can additionally include an internal data modem. Further,the processor 410 may include functionality to operate one or moresoftware programs, which may be stored in the memory 420. For example,the processor 410 may be capable of operating a connectivity program,such as a web browser application 422. The web browser application 422may then allow the computing device system 400 to transmit and receiveweb content, such as, for example, location-based content and/or otherweb page content, according to a Wireless Application Protocol (WAP),Hypertext Transfer Protocol (HTTP), and/or the like.

The processor 410 is configured to use the network interface 460 tocommunicate with one or more other devices on the network 150. In thisregard, the network interface 460 includes an antenna 476 operativelycoupled to a transmitter 474 and a receiver 472 (together a“transceiver”). The processor 410 is configured to provide signals toand receive signals from the transmitter 474 and receiver 472,respectively. The signals may include signaling information inaccordance with the air interface standard of the applicable cellularsystem of the wireless network 152. In this regard, the computing devicesystem 400 may be configured to operate with one or more air interfacestandards, communication protocols, modulation types, and access types.By way of illustration, the computing device system 400 may beconfigured to operate in accordance with any of a number of first,second, third, and/or fourth-generation communication protocols and/orthe like.

As described above, the computing device system 400 has a user interfacethat is, like other user interfaces described herein, made up of useroutput devices 436 and/or user input devices 440. The user outputdevices 436 include one or more displays 430 (e.g., a liquid crystaldisplay or the like) and a speaker 432 or other audio device, which areoperatively coupled to the processor 410.

The user input devices 440, which allow the computing device system 400to receive data from a user such as the user 110, may include any of anumber of devices allowing the computing device system 400 to receivedata from the user 110, such as a keypad, keyboard, touch-screen,touchpad, microphone, mouse, joystick, other pointer device, button,soft key, and/or other input device(s). The user interface may alsoinclude a camera 480, such as a digital camera.

The computing device system 400 may also include a positioning systemdevice 475 that is configured to be used by a positioning system todetermine a location of the computing device system 400. For example,the positioning system device 475 may include a GPS transceiver. In someembodiments, the positioning system device 475 is at least partiallymade up of the antenna 476, transmitter 474, and receiver 472 describedabove. For example, in one embodiment, triangulation of cellular signalsmay be used to identify the approximate or exact geographical locationof the computing device system 400. In other embodiments, thepositioning system device 475 includes a proximity sensor ortransmitter, such as an RFID tag, that can sense or be sensed by devicesknown to be located proximate a merchant or other location to determinethat the computing device system 400 is located proximate these knowndevices.

The computing device system 400 further includes a power source 415,such as a battery, for powering various circuits and other devices thatare used to operate the computing device system 400. Embodiments of thecomputing device system 400 may also include a clock or other timer 450configured to determine and, in some cases, communicate actual orrelative time to the processor 410 or one or more other devices.

The computing device system 400 also includes a memory 420 operativelycoupled to the processor 410. As used herein, memory includes anycomputer readable medium (as defined herein below) configured to storedata, code, or other information. The memory 420 may include volatilememory, such as volatile Random Access Memory (RAM) including a cachearea for the temporary storage of data. The memory 420 may also includenon-volatile memory, which can be embedded and/or may be removable. Thenon-volatile memory can additionally or alternatively include anelectrically erasable programmable read-only memory (EEPROM), flashmemory or the like.

The memory 420 can store any of a number of applications which comprisecomputer-executable instructions/code executed by the processor 410 toimplement the functions of the computing device system 400 and/or one ormore of the process/method steps described herein. For example, thememory 420 may include such applications as a conventional web browserapplication 422, an encryption determination engine application 421,entity application 424. These applications also typically instructionsto a graphical user interface (GUI) on the display 430 that allows theuser 110 to interact with the entity system 200, the encryptiondetermination engine device 300, and/or other devices or systems. Thememory 420 of the computing device system 400 may comprise a ShortMessage Service (SMS) application 423 configured to send, receive, andstore data, information, communications, alerts, and the like via thewireless telephone network 152. In some embodiments, the encryptiondetermination engine application 421 provided by the encryptiondetermination engine device 300 allows the user 110 to access theencryption determination engine device 300. In some embodiments, theentity application 424 provided by the entity system 200 and theencryption determination engine application 421 allow the user 110 toaccess the functionalities provided by the encryption determinationengine device 300 and the entity system 200.

The memory 420 can also store any of a number of pieces of information,and data, used by the computing device system 400 and the applicationsand devices that make up the computing device system 400 or are incommunication with the computing device system 400 to implement thefunctions of the computing device system 400 and/or the other systemsdescribed herein.

FIG. 5 illustrates another example method of providing complex dataencryption. The method may be carried out by a system discussed herein(e.g., the entity system 200, the encryption determination engine device300, the computing device system 400, and/or the local device(s) 500).An example system may include at least one non-transitory storage deviceand at least one processing device coupled to the at least onenon-transitory storage device. In such an embodiment, the at least oneprocessing device is configured to carry out the method discussedherein.

Referring now to Block 500 of FIG. 5 , the method includes receiving auser input code from a computing device associated with a user. The userinput code includes one or more plaintext characters. The user inputcode may be a password, credit card number, and/or any plaintextcharacters that are intended to be encrypted. The user input code may bea word or series of words. Additionally or alternatively, the user inputcode may include numbers (e.g., credit card number). In someembodiments, a user may be prompted, via a user interface of thecomputing device system 400 to input the user input code. For example,an application or website may request a user to create a password.

Referring now to Block 510 of FIG. 5 , the method includes generating afirst encrypted value using a first encryption algorithm based on theuser input code. In some embodiments, the system may prompt a user toindicate a desired encryption algorithm or target encryption algorithm.Alternatively, the method may include asking the user one or morequestions in order to determine the encryption algorithm (e.g., thequestions may relate to the desired security level and an encryptionalgorithm may be selected based on the desired security level). In anexample embodiment, the first encryption algorithm is a series ofmathematical operations with two or more unknown variables. The userinput code, along with a secret code are used as the unknown variablesto generate an encrypted value (e.g., a ciphertext).

Referring now to Block 520 of FIG. 5 , the method includes decryptingthe first encrypted value using one or more additional encryptionalgorithms. The one or more additional encryption algorithms may be thesame series of mathematical operations using different secret keys thanthe known secret key. Additionally or alternatively, the one or moreadditional encryption algorithms may be one or more differentmathematical operations that use the same or different secret keys. Theadditional encryption algorithms may include strategies used by varioushacking techniques, such as frequency analysis, n-tuple analysis,dictionary attacks, and and/or brute force methods. The decrypted valueis a synthetic user input code that is used to compare to expected userinput codes, as discussed below in reference to Block 530 of FIG. 5 .

Referring now to Block 530 of FIG. 5 , the method includes determining afirst encryption vulnerability score based on the value of the one ormore synthetic user input codes. The first encryption vulnerabilityscore is based on one or more similarities of the synthetic user inputcode(s) to the user input code. The encryption vulnerability score maybe based on the similarities between the synthetic user input code(s)and one or more expected user input codes. Expected user input codes maybe one or more set of characters that meet a given criteria for a userinput code. For example, in an instance in which the user input code isa password, the password requirement may require a certain number ofletters, numbers, and/or symbols and the expected user data inputs maybe one or more potential passwords that meet said requirements.

The first encryption vulnerability score may be determined using acombination of frequency analysis and n-tuple analysis examining thesimilarities between the synthetic user input codes and the expectedinput codes. The first encryption vulnerability score is a relativescore for the first encryption algorithm based on the number andsimilarity scores of the synthetic user input code(s).

Referring now to optional Block 540 of FIG. 5 , the method includesgenerating a second encrypted value using a second encryption algorithmbased on the user input code. The second encryption algorithm may be thesame series of mathematical operations as the first encryption algorithmwith a different secret key used. As such, the second encrypted valuewill be different than the first encrypted value. Alternatively, thesecond encryption algorithm may be a different set of mathematicaloperations using the same or different secret keys. The user input codecan then be input into the second encryption algorithm to generate thesecond encrypted value.

The second encrypted value may be generated using similar techniques tothe operations discussed in referenced to generating the first encryptedvalue. In some embodiments, the second encrypted value may be generatedin an instance in which the first encryption vulnerability score isbelow a threshold vulnerability score. Alternatively, the secondencrypted value may be generated in parallel (e.g., the first encryptedvalue and the second encrypted value may be generated before analyzingthe first encryption vulnerability score is complete to determinewhether the first encryption vulnerability score is below the thresholdvulnerability score).

Additional encrypted values (e.g., a third encrypted value, a fourthencrypted value, etc.) may be generated using the user input code andone or more encryption algorithms. The encryption vulnerability scoresof each may be determined as discussed in reference to the determined ofthe encryption vulnerability score of the first encrypted value and thesecond encrypted value.

Referring now to optional Block 550 of FIG. 5 , the method includesdecrypting the second encrypted value using the one or more additionalencryption algorithms. The decryption of the second encrypted value maybe the same process as the decryption of the first encrypted valuediscussed above in reference to Block 520 of FIG. 5 . The one or moreadditional encryption algorithms may be the same series of mathematicaloperations as used to generate the second encrypted value usingdifferent secret keys than the known secret key. Additionally oralternatively, the one or more additional encryption algorithms may beone or more different mathematical operations that use the same ordifferent secret keys. The additional encryption algorithms may includestrategies used by various hacking techniques, such as frequencyanalysis, n-tuple analysis, dictionary attacks, and and/or brute forcemethods. The decrypted value is a synthetic user input code that is usedto compare to expected user input codes, as discussed below in referenceto Block 560 of FIG. 5 .

Referring now to optional Block 560 of FIG. 5 , the method includesdetermining a second encryption vulnerability score based on the one ormore secondary synthetic user input codes. The second encryptionvulnerability score may be the same process as used to determine thefirst encryption vulnerability score discussed above in reference toBlock 530 of FIG. 5 .

The second encryption vulnerability score is based on one or moresimilarities of the synthetic user input code(s) generated from thesecond encrypted value to the user input code. The encryptionvulnerability score may be based on the similarities between thesynthetic user input code(s) and one or more expected user input codes.Expected user input codes may be one or more set of characters that meeta given criteria for a user input code. For example, in an instance inwhich the user input code is a password, the password requirement mayrequire a certain number of letters, numbers, and/or symbols and theexpected user data inputs may be one or more potential passwords thatmeet said requirements.

The second encryption vulnerability score may be determined using acombination of frequency analysis and n-tuple analysis examining thesimilarities between the synthetic user input codes and the expectedinput codes. The second encryption vulnerability score is a relativescore for the second encryption algorithm based on the number andsimilarity scores of the synthetic user input code(s).

Referring now to Block 570 of FIG. 5 , the method includes causing atransmission of a user input code notification based on the firstencryption vulnerability score and/or the second encryptionvulnerability score. The user input code notification may includeinformation relating to the user input code, the selected encryptionalgorithm (e.g., the secret key), and/or the encrypted value. The userinput code notification may be transmitted to the computing devicesystem 400 and/or a third party system (e.g., the encrypted value may besent to a vendor or otherwise for processing).

The given encryption algorithm may be selected based on the encryptionvulnerability score. In some embodiments, the encryption algorithmselected is the first encrypted value that has an encryptionvulnerability score above a vulnerability threshold score. For example,in an instance in which the first encryption vulnerability score isabove the vulnerability threshold score, the first encrypted value maybe selected.

In some embodiments, in an instance in which multiple encryptionvulnerability scores are above the vulnerability threshold score, theencryption vulnerability scores may be compared with one another. Forexample, the first encryption vulnerability score and the secondencryption vulnerability score may be compared to one another with thehigher encryption vulnerability score being selected as the selectedencryption algorithm.

Machine learning may be used to teach the system as the processesdiscussed herein are repeated. For example, the user input codes may beused to determined expected user input codes for subsequent operations.The system may use the user input code as a part of a training set to beused in subsequent operations.

As will be appreciated by one of skill in the art, the presentdisclosure may be embodied as a method (including, for example, acomputer-implemented process, a business process, and/or any otherprocess), apparatus (including, for example, a system, machine, device,computer program product, and/or the like), or a combination of theforegoing. Accordingly, embodiments of the present disclosure may takethe form of an entirely hardware embodiment, an entirely softwareembodiment (including firmware, resident software, micro-code, and thelike), or an embodiment combining software and hardware aspects that maygenerally be referred to herein as a “system.” Furthermore, embodimentsof the present disclosure may take the form of a computer programproduct on a computer-readable medium having computer-executable programcode embodied in the medium.

Any suitable transitory or non-transitory computer readable medium maybe utilized. The computer readable medium may be, for example but notlimited to, an electronic, magnetic, optical, electromagnetic, infrared,or semiconductor system, apparatus, or device. More specific examples ofthe computer readable medium include, but are not limited to, thefollowing: an electrical connection having one or more wires; a tangiblestorage medium such as a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), a compact discread-only memory (CD-ROM), or other optical or magnetic storage device.

In the context of this document, a computer readable medium may be anymedium that can contain, store, communicate, or transport the programfor use by or in connection with the instruction execution system,apparatus, or device. The computer usable program code may betransmitted using any appropriate medium, including but not limited tothe Internet, wireline, optical fiber cable, radio frequency (RF)signals, or other mediums.

Computer-executable program code for carrying out operations ofembodiments of the present disclosure may be written in an objectoriented, scripted or unscripted programming language such as Java,Perl, Smalltalk, C++, or the like. However, the computer program codefor carrying out operations of embodiments of the present disclosure mayalso be written in conventional procedural programming languages, suchas the “C” programming language or similar programming languages.

Embodiments of the present disclosure are described above with referenceto flowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products. It will be understood thateach block of the flowchart illustrations and/or block diagrams, and/orcombinations of blocks in the flowchart illustrations and/or blockdiagrams, can be implemented by computer-executable program codeportions. These computer-executable program code portions may beprovided to a processor of a general purpose computer, special purposecomputer, or other programmable data processing apparatus to produce aparticular machine, such that the code portions, which execute via theprocessor of the computer or other programmable data processingapparatus, create mechanisms for implementing the functions/actsspecified in the flowchart and/or block diagram block or blocks.

These computer-executable program code portions may also be stored in acomputer-readable memory that can direct a computer or otherprogrammable data processing apparatus to function in a particularmanner, such that the code portions stored in the computer readablememory produce an article of manufacture including instructionmechanisms which implement the function/act specified in the flowchartand/or block diagram block(s).

The computer-executable program code may also be loaded onto a computeror other programmable data processing apparatus to cause a series ofoperational steps to be performed on the computer or other programmableapparatus to produce a computer-implemented process such that the codeportions which execute on the computer or other programmable apparatusprovide steps for implementing the functions/acts specified in theflowchart and/or block diagram block(s). Alternatively, computer programimplemented steps or acts may be combined with operator or humanimplemented steps or acts in order to carry out an embodiment of thedisclosure.

As the phrase is used herein, a processor may be “configured to” performa certain function in a variety of ways, including, for example, byhaving one or more general-purpose circuits perform the function byexecuting particular computer-executable program code embodied incomputer-readable medium, and/or by having one or moreapplication-specific circuits perform the function.

Embodiments of the present disclosure are described above with referenceto flowcharts and/or block diagrams. It will be understood that steps ofthe processes described herein may be performed in orders different thanthose illustrated in the flowcharts. In other words, the processesrepresented by the blocks of a flowchart may, in some embodiments, be inperformed in an order other that the order illustrated, may be combinedor divided, or may be performed simultaneously. It will also beunderstood that the blocks of the block diagrams illustrated, in someembodiments, merely conceptual delineations between systems and one ormore of the systems illustrated by a block in the block diagrams may becombined or share hardware and/or software with another one or more ofthe systems illustrated by a block in the block diagrams. Likewise, adevice, system, apparatus, and/or the like may be made up of one or moredevices, systems, apparatuses, and/or the like. For example, where aprocessor is illustrated or described herein, the processor may be madeup of a plurality of microprocessors or other processing devices whichmay or may not be coupled to one another. Likewise, where a memory isillustrated or described herein, the memory may be made up of aplurality of memory devices which may or may not be coupled to oneanother.

While certain exemplary embodiments have been described and shown in theaccompanying drawings, it is to be understood that such embodiments aremerely illustrative of, and not restrictive on, the broad disclosure,and that this disclosure not be limited to the specific constructionsand arrangements shown and described, since various other changes,combinations, omissions, modifications and substitutions, in addition tothose set forth in the above paragraphs, are possible. Those skilled inthe art will appreciate that various adaptations and modifications ofthe just described embodiments can be configured without departing fromthe scope and spirit of the disclosure. Therefore, it is to beunderstood that, within the scope of the appended claims, the disclosuremay be practiced other than as specifically described herein.

What is claimed is:
 1. A system for providing complex data encryption,the system comprising: at least one non-transitory storage device; andat least one processing device coupled to the at least onenon-transitory storage device, wherein the at least one processingdevice is configured to: receive a user input code from a computingdevice associated with a user, wherein the user input code is one ormore plaintext characters; generate a first encrypted value using afirst encryption algorithm based on the user input code; decrypt thefirst encrypted value using one or more additional encryptionalgorithms, wherein one or more synthetic user input codes are generatedby the decryption of the first encrypted value using each of the one ormore additional encryption algorithms; determine a first encryptionvulnerability score based on the value of the one or more synthetic userinput codes, wherein the first encryption vulnerability score is basedon one or more similarities between the user input code and the one ormore synthetic user input codes; and cause a transmission of a userinput code notification based on the first encryption vulnerabilityscore.
 2. The system of claim 1, wherein the user input codenotification is at least one of the user input code or the firstencryption algorithm in an instance in which the first encryptionvulnerability score is above a threshold vulnerability level.
 3. Thesystem of claim 1, wherein in an instance in which the first encryptionvulnerability score is below a threshold vulnerability level, the atleast one processing device is configured to determine a secondencryption algorithm to generate a second encrypted value based on theuser input code.
 4. The system of claim 1, wherein the at least oneprocessing device is configured to: generate a second encrypted valueusing a second encryption algorithm based on the user input code,decrypt the second encrypted value using the one or more additionalencryption algorithms, wherein one or more secondary synthetic userinput codes are generated by the decryption of the second encryptedvalue using each of the one or more additional encryption algorithm; anddetermine a second encryption vulnerability score based on the one ormore secondary synthetic user input codes.
 5. The system of claim 4,wherein the at least one processing device is configured to generate theuser input code notification based on the second encryption algorithm inan instance in which the second encryption vulnerability score is abovea threshold vulnerability score.
 6. The system of claim 4, wherein thesecond encrypted value generated using a second encryption algorithmbased on the user input code is generated in an instance in which thefirst encryption vulnerability score is below a threshold vulnerabilityscore.
 7. The system of claim 4, wherein the at least one processingdevice is configured to: compare the first encryption vulnerabilityscore and the second encryption vulnerability score; and based on thecomparison of the first encryption vulnerability score and the secondencryption vulnerability score, select a primary encryption algorithmbetween the first encryption algorithm and the second algorithm, whereinthe user input code notification is based on the primary encryptionalgorithm.
 8. A computer program product for providing complex dataencryption, the computer program product comprising at least onenon-transitory computer-readable medium having computer-readable programcode portions embodied therein, the computer-readable program codeportions comprising: an executable portion configured to receive a userinput code from a computing device associated with a user, wherein theuser input code is one or more plaintext characters; an executableportion configured to generate a first encrypted value using a firstencryption algorithm based on the user input code; an executable portionconfigured to decrypt the first encrypted value using one or moreadditional encryption algorithms, wherein one or more synthetic userinput codes are generated by the decryption of the first encrypted valueusing each of the one or more additional encryption algorithms; anexecutable portion configured to determine a first encryptionvulnerability score based on the value of the one or more synthetic userinput codes, wherein the first encryption vulnerability score is basedon one or more similarities between the user input code and the one ormore synthetic user input codes; and an executable portion configured tocause a transmission of a user input code notification based on thefirst encryption vulnerability score.
 9. The computer program product ofclaim 8, wherein the user input code notification is at least one of theuser input code or the first encryption algorithm in an instance inwhich the first encryption vulnerability score is above a thresholdvulnerability level.
 10. The computer program product of claim 8,wherein in an instance in which the first encryption vulnerability scoreis below a threshold vulnerability level, the computer-readable programcode portions still further include an executable portion configured todetermine a second encryption algorithm to generate a second encryptedvalue based on the user input code.
 11. The computer program product ofclaim 8, further comprising an executable portion configured to:generate a second encrypted value using a second encryption algorithmbased on the user input code; decrypt the second encrypted value usingthe one or more additional encryption algorithms, wherein one or moresecondary synthetic user input codes are generated by the decryption ofthe second encrypted value using each of the one or more additionalencryption algorithm; and determine a second encryption vulnerabilityscore based on the one or more secondary synthetic user input codes. 12.The computer program product of claim 11, further comprising anexecutable portion configured to generate the user input codenotification based on the second encryption algorithm in an instance inwhich the second encryption vulnerability score is above a thresholdvulnerability score.
 13. The computer program product of claim 11,wherein the second encrypted value generated using a second encryptionalgorithm based on the user input code is generated in an instance inwhich the first encryption vulnerability score is below a thresholdvulnerability score.
 14. The computer program product of claim 11,further comprising an executable portion configured to: compare thefirst encryption vulnerability score and the second encryptionvulnerability score; and based on the comparison of the first encryptionvulnerability score and the second encryption vulnerability score,select a primary encryption algorithm between the first encryptionalgorithm and the second algorithm, wherein the user input codenotification is based on the primary encryption algorithm.
 15. Acomputer-implemented method for providing complex data encryption, themethod comprising: receiving a user input code from a computing deviceassociated with a user, wherein the user input code is one or moreplaintext characters; generating a first encrypted value using a firstencryption algorithm based on the user input code; decrypting the firstencrypted value using one or more additional encryption algorithms,wherein one or more synthetic user input codes are generated by thedecryption of the first encrypted value using each of the one or moreadditional encryption algorithms; determining a first encryptionvulnerability score based on the value of the one or more synthetic userinput codes, wherein the first encryption vulnerability score is basedon one or more similarities between the user input code and the one ormore synthetic user input codes; and causing a transmission of a userinput code notification based on the first encryption vulnerabilityscore.
 16. The method of claim 15, wherein the user input codenotification is at least one of the user input code or the firstencryption algorithm in an instance in which the first encryptionvulnerability score is above a threshold vulnerability level, andwherein in an instance in which the first encryption vulnerability scoreis below a threshold vulnerability level, the method further comprisesdetermining a second encryption algorithm to generate a second encryptedvalue based on the user input code.
 17. The method of claim 15, furthercomprising: generating a second encrypted value using a secondencryption algorithm based on the user input code; decrypting the secondencrypted value using the one or more additional encryption algorithms,wherein one or more secondary synthetic user input codes are generatedby the decryption of the second encrypted value using each of the one ormore additional encryption algorithm; and determining a secondencryption vulnerability score based on the one or more secondarysynthetic user input codes.
 18. The method of claim 17, furthercomprising generating the user input code notification based on thesecond encryption algorithm in an instance in which the secondencryption vulnerability score is above a threshold vulnerability score.19. The method of claim 17, wherein the second encrypted value generatedusing a second encryption algorithm based on the user input code isgenerated in an instance in which the first encryption vulnerabilityscore is below a threshold vulnerability score.
 20. The method of claim17, further comprising: comparing the first encryption vulnerabilityscore and the second encryption vulnerability score; and based on thecomparison of the first encryption vulnerability score and the secondencryption vulnerability score, selecting a primary encryption algorithmbetween the first encryption algorithm and the second algorithm, whereinthe user input code notification is based on the primary encryptionalgorithm.